Initiative Objective: Promote open source technologies within the security and data privacy areas.
Within the OW2 Privacy and Security Initiative, OW2 members and non-OW2 members are joining their efforts to develop and to promote open-source code and documentation about data integrity, data privacy and Cloud/IT security. These software, such as LemonLDAP::NG, are based on open standards and freely available on the OW2 code base.
Initiative Name: OW2 PRISi stands for PRIvacy and Security.
Why now?
During OW2con'14, our panelists confirmed the importance of managing global security (infrastructure, authentication, data privacy, etc.) in each organization. Security is now central in many value propositions. A large bunch of professional services need embedded security to establish and maintain trust.
With applications running in the cloud, PC-based security solutions are not enough. We need to apply cryptography and authentication mechanisms to an open and collaborative world, where users are working from different places, with different devices. OW2 PRISi will contribute to develop open source privacy and security solutions, based on open standards.
Initiative scope
Here are the first market segments that the OW2 initiative is currently investigating:
IAM: Identity and Access Management
SIEM: Security Information and Events Management
Secured Clouds: open IaaS and PaaS solutions to build resilient and robust private, public and hybrid clouds
PRISi SaaS: Privacy and Security Software as a Service
Cloud and IoT Security Round Table
Secured web, IoT and hybrid cloud services
Paris, 22 March 2017, during Paris Open Cloud Forum by OW2, in parallel with Cloud Computing World Expo
A round table with Clément Oudot (Savoir-faire Linux), Yacine Kheddache (Red Hat), François Déchelle (Teclib), Gilles Lehmann (Prelude-CS)
AuthzForce. The authorization server for Web Services that supports XACML, X.509, SAML and LDAP.
FusionDirectory. This data management solution for LDAP directory from OpenSides is currently being used for implementing the OW2 user management service. FusionDirectory reinforces the OW2 identity stack.
Jmine Platform. The Jmine Platform is a basis for other developers to quickstart the creation of transactional applications in Java. It provides features like auditing, authorization, authentication, data segregation, distributed processing, integration, tracking and test tools in an extensible way.
LemonLDAP::NG. This single sign on handler for Apache web server provides strong access control through access rules based on regular expressions.
Nursery. Nursery is a software suite dedicated to API publishing and subscription life cycle management. It's basically an API Management system.
Siwpas. Siwpas is a lightweight Java application server platform for developing enterprise quality Java EE 6 web applications, with enterprise-class features, such as Clustering & Failover, Security Modules.
Trustie Software Resource Repository. Aims to provide a trustworthy software resource management mechanism and a software resources sharing environment.
Vespa. The Virtual Environments Self-Protecting Architecture offers a software framework written in Python for security monitoring of IaaS and multi-IaaS infrastructures.
OW2 Collaborative Projects with Privacy or Security Aspects
The following collaborative projects include open source security components. Do not hesitate to follow these links for more information:
AppHub. The European open source marketplace where business users can discover, deploy and run quality open source software packages for their information systems.
CHOReVOLUTION. Automated Synthesis of Dynamic and Secured Choreographies for the Future Internet.
OCCIware. A formal framework for the management of any digital resource in the cloud.
OpenCloudware. A multi-IaaS PaaS providing applications isolation, encryption and security of images, identity and roles management. AuthZForce v3.0 is used as authentication server.
Call for Participation
All OW2 members and other involved stakeholders are invited to join and contribute, defining the scope and objectives, build the roadmap, and identify potentially interested third parties.